Connected devices have huge security holes

Jul 29, 2014
An iPhone and iPad app that enables iPhone and iPad to function as a remote controller for home electronics such as TV, is seen on January 25, 2012 in San Francisco, California

The surge of Web-connected devices—TVs, refrigerators, thermostats, door locks and more—has opened up huge opportunities for cyberattacks because of weak security, researchers said Tuesday.

A study by the Hewlett-Packard security unit Fortify found 70 percent of the most commonly used "Internet of Things" devices contain vulnerabilities, including inadequate passwords or encryption, or lax access restrictions.

"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager for Fortify's enterprise security.

"With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

The study comes amid recent security warnings about hacking of medical devices, cars, televisions and even toilets that have an Internet connection.

The researcher scanned the most popular devices and their cloud components and found on average 25 vulnerabilities per device. These products included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The study said eight of 10 devices tests leaked private information that could include the user's name, email address, home address, date of birth, credit card or health information.

Most of the devices lacked passwords, making it easier for hackers or others to gain access while some included simple default passwords such as "1234."

Some 70 percent of the devices analyzed failed to use encryption for communicating with the Internet and local network, another weakness that makes for easy outside access.

HP said that while demand for these devices is surging, security has failed to keep pace, and this "opens the doors for security threats" from a variety of sources.

The study said some estimates indicate as many as 26 billion devices will be connected to the Internet by 2020.

"Fortunately, there's still time to secure devices before consumers are at risk," the report said.

Explore further: Security experts reveal weakness in WiFi connected LIFX light bulbs

add to favorites email to friend print save as pdf

Related Stories

Connected devices in smart homes have control issues

Apr 03, 2014

(Phys.org) —Smart homes are growing smarter. But it all depends on how you define "smart." Smart, as in connected to the Internet, or smart as in a well-planned architecture of intelligent gadgets that ...

Heartbleed could harm a variety of systems

Apr 11, 2014

It now appears that the "Heartbleed" security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

'Smart' homes open doors to hackers

Jul 30, 2013

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

Recommended for you

Man pleads guilty in New York cybercrime case

Nov 22, 2014

A California man has pleaded guilty in New York City for his role marketing malware that federal authorities say infected more than a half-million computers worldwide.

How to keep the world's eyes out of your webcam

Nov 21, 2014

There are concerns that thousands of private webcams around the world could be streaming live images to anybody who wishes to view them – without their owner knowing – thanks to a Russian website provi ...

Britain urges Russia to shut down webcam spying site

Nov 20, 2014

A Russian website offering thousands of live feeds peering into bedrooms and offices around the world by accessing poorly secured webcams should be taken down immediately, British officials said on Thursday.

NSA Director: China can damage US power grid

Nov 20, 2014

China and "one or two" other countries are capable of mounting cyberattacks to shut down the electric grid in parts of the United States. That's according to Admiral Michael Rogers, the director of the National Security Agency ...

Some in NSA warned of a backlash

Nov 20, 2014

Current and former intelligence officials say dissenters within the National Security Agency warned in 2009 that secretly collecting American phone records wasn't providing enough intelligence to justify ...

Russia hacking site spying webcams worldwide: Britain

Nov 20, 2014

Britain's privacy watchdog on Thursday called on Russia to take down a site showing hacked live feeds from thousands of homes and businesses around the world and warned it was planning "regulatory action".

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

Kinryu
1 / 5 (1) Jul 29, 2014
Security seems like a true afterthought on these devices. Definitely wish it was the opposite :(
alfie_null
not rated yet Jul 30, 2014
I was going to suggest that manufacturers be liable for certain sloppy practices. But here's another idea: through the insurance industry (as they end up paying for a disproportionate part of this problem), some sort of certification process. Clients who avoid non-certified equipment get a discount on their insurance.
daqddyo
5 / 5 (1) Jul 30, 2014
Why do our home electronic utlities have to be connected to the internet anyway?
Surely an in-house minicomputer could control and analyse the usage data of all devices (using bluetooth) without having to broadcast this info. into the ether/cloud. A display panel could tell the owner of the status of all connected devices. If there is a problem with any of them, the owner can decide what to do about it.

I for one do not wish to pay for the continuous dissemination of data into the internet such as the contents of my refrigerator or about how often I open it.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.